Add migration to change environment_roles role column from string to

enum type.
Fix tests and functions affected by the column type change.
This commit is contained in:
leigh-mil 2020-01-08 17:38:55 -05:00
parent bffd981105
commit 17864cc060
14 changed files with 98 additions and 45 deletions

View File

@ -0,0 +1,58 @@
"""update environment_roles enum list
Revision ID: 828d8c188dce
Revises: 5d7198d34b91
Create Date: 2020-01-08 16:08:03.879881
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = '828d8c188dce' # pragma: allowlist secret
down_revision = '5d7198d34b91' # pragma: allowlist secret
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
conn = op.get_bind()
conn.execute(
"""
UPDATE environment_roles
SET role = NULL
"""
)
op.alter_column(
"environment_roles",
"role",
type_=sa.Enum(
"ADMIN",
"BILLING_READ",
"CONTRIBUTOR",
name="role",
native_enum=False,
),
existing_type=sa.VARCHAR(),
nullable=True,
)
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column(
"environment_roles",
"status",
type_=sa.VARCHAR(),
existing_type=sa.Enum(
"ADMIN",
"BILLING_READ",
"CONTRIBUTOR",
name="status",
native_enum=False,
),
)
# ### end Alembic commands ###

View File

@ -14,7 +14,7 @@ SERVICE_BRANCHES = [
]
ENV_ROLE_NO_ACCESS = "No Access"
ENV_ROLES = [(role.value, role.value) for role in CSPRole] + [
ENV_ROLES = [(role.name, role.value) for role in CSPRole] + [
(ENV_ROLE_NO_ACCESS, ENV_ROLE_NO_ACCESS)
]

View File

@ -9,10 +9,9 @@ import atst.models.types as types
class CSPRole(Enum):
BASIC_ACCESS = "Basic Access"
NETWORK_ADMIN = "Network Admin"
BUSINESS_READ = "Business Read-only"
TECHNICAL_READ = "Technical Read-only"
ADMIN = "Admin"
BILLING_READ = "Billing Read-only"
CONTRIBUTOR = "Contributor"
class EnvironmentRole(
@ -26,7 +25,7 @@ class EnvironmentRole(
)
environment = relationship("Environment")
role = Column(String())
role = Column(SQLAEnum(CSPRole, native_enum=False), nullable=True)
application_role_id = Column(
UUID(as_uuid=True), ForeignKey("application_roles.id"), nullable=False

View File

@ -99,7 +99,7 @@ def filter_env_roles_form_data(member, environments):
if len(env_roles_set) == 1:
(env_role,) = env_roles_set
env_data["role"] = env_role.role
env_data["role"] = env_role.role.name
env_data["disabled"] = env_role.disabled
env_roles_form_data.append(env_data)

View File

@ -126,7 +126,7 @@
{{ env.environment_name }}
</span>
<span class="env-role__role">
: {{ env.role }}
: {{ env.role.value }}
</span>
</div>
{% endfor %}

View File

@ -147,7 +147,7 @@ def test_invite():
user_data=user_data,
permission_sets_names=permission_sets_names,
environment_roles_data=[
{"environment_id": env1.id, "role": CSPRole.BASIC_ACCESS.value},
{"environment_id": env1.id, "role": CSPRole.ADMIN},
{"environment_id": env2.id, "role": None},
],
)
@ -173,8 +173,8 @@ def test_invite_to_nonexistent_environment():
inviter=application.portfolio.owner,
user_data=user_data,
environment_roles_data=[
{"environment_id": env1.id, "role": CSPRole.BASIC_ACCESS.value},
{"environment_id": uuid4(), "role": CSPRole.BASIC_ACCESS.value},
{"environment_id": env1.id, "role": CSPRole.ADMIN},
{"environment_id": uuid4(), "role": CSPRole.ADMIN},
],
)

View File

@ -26,8 +26,8 @@ def test_create_environments():
def test_update_env_role():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
new_role = CSPRole.TECHNICAL_READ.value
env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN)
new_role = CSPRole.BILLING_READ
Environments.update_env_role(
env_role.environment, env_role.application_role, new_role
)
@ -35,7 +35,7 @@ def test_update_env_role():
def test_update_env_role_no_access():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN)
Environments.update_env_role(env_role.environment, env_role.application_role, None)
assert not EnvironmentRoles.get(
@ -46,15 +46,13 @@ def test_update_env_role_no_access():
def test_update_env_role_disabled_role():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN)
Environments.update_env_role(env_role.environment, env_role.application_role, None)
# An exception should be raised when a new role is passed to Environments.update_env_role
with pytest.raises(DisabledError):
Environments.update_env_role(
env_role.environment,
env_role.application_role,
CSPRole.TECHNICAL_READ.value,
env_role.environment, env_role.application_role, CSPRole.BILLING_READ,
)
assert env_role.role is None

View File

@ -255,7 +255,7 @@ class EnvironmentRoleFactory(Base):
model = EnvironmentRole
environment = factory.SubFactory(EnvironmentFactory)
role = random.choice([e.value for e in CSPRole])
role = random.choice([e for e in CSPRole])
application_role = factory.SubFactory(ApplicationRoleFactory)

View File

@ -28,7 +28,7 @@ def test_add_user_to_environment():
EnvironmentRoleFactory.create(
application_role=application_role,
environment=dev_environment,
role=CSPRole.BASIC_ACCESS.value,
role=CSPRole.ADMIN,
)
assert developer in dev_environment.users
@ -75,9 +75,9 @@ def test_environment_provisioning_status(env_data, expected_status):
def test_environment_roles_do_not_include_deleted():
member_list = [
{"role_name": CSPRole.BASIC_ACCESS.value},
{"role_name": CSPRole.BASIC_ACCESS.value},
{"role_name": CSPRole.BASIC_ACCESS.value},
{"role_name": CSPRole.ADMIN},
{"role_name": CSPRole.ADMIN},
{"role_name": CSPRole.ADMIN},
]
env = EnvironmentFactory.create(members=member_list)
role_1 = env.roles[0]

View File

@ -9,9 +9,7 @@ def test_environment_access_with_env_role(client, user_session):
app_role = ApplicationRoleFactory.create(
user=user, application=environment.application
)
EnvironmentRoleFactory.create(
application_role=app_role, environment=environment, role="developer"
)
EnvironmentRoleFactory.create(application_role=app_role, environment=environment)
user_session(user)
response = client.get(
url_for("applications.access_environment", environment_id=environment.id)

View File

@ -153,7 +153,7 @@ def test_post_new_member(monkeypatch, client, user_session, session):
"user_data-dod_id": user.dod_id,
"user_data-email": user.email,
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-role": "ADMIN",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,
@ -201,7 +201,7 @@ def test_post_update_member(client, user_session):
),
data={
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-role": "ADMIN",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,

View File

@ -129,11 +129,11 @@ def test_edit_application_environments_obj(app, client, user_session):
env = application.environments[0]
app_role1 = ApplicationRoleFactory.create(application=application)
env_role1 = EnvironmentRoleFactory.create(
application_role=app_role1, environment=env, role=CSPRole.BASIC_ACCESS.value
application_role=app_role1, environment=env, role=CSPRole.ADMIN
)
app_role2 = ApplicationRoleFactory.create(application=application, user=None)
env_role2 = EnvironmentRoleFactory.create(
application_role=app_role2, environment=env, role=CSPRole.NETWORK_ADMIN.value
application_role=app_role2, environment=env, role=CSPRole.CONTRIBUTOR
)
user_session(portfolio.owner)
@ -180,7 +180,7 @@ def test_get_members_data(app, client, user_session):
environments=[
{
"name": "testing",
"members": [{"user": user, "role_name": CSPRole.BASIC_ACCESS.value}],
"members": [{"user": user, "role_name": CSPRole.ADMIN}],
}
],
)
@ -402,7 +402,7 @@ def test_create_member(monkeypatch, client, user_session, session):
"user_data-dod_id": user.dod_id,
"user_data-email": user.email,
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-role": "ADMIN",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,
@ -511,10 +511,10 @@ def test_update_member(client, user_session, session):
env_2 = EnvironmentFactory.create(application=application)
# add user to two of the environments: env and env_1
updated_role = EnvironmentRoleFactory.create(
environment=env, application_role=app_role, role=CSPRole.BASIC_ACCESS.value
environment=env, application_role=app_role, role=CSPRole.ADMIN
)
suspended_role = EnvironmentRoleFactory.create(
environment=env_1, application_role=app_role, role=CSPRole.BASIC_ACCESS.value
environment=env_1, application_role=app_role, role=CSPRole.ADMIN
)
user_session(application.portfolio.owner)
@ -528,13 +528,13 @@ def test_update_member(client, user_session, session):
),
data={
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
"environment_roles-0-role": "CONTRIBUTOR",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-environment_name": env_1.name,
"environment_roles-1-disabled": "True",
"environment_roles-2-environment_id": env_2.id,
"environment_roles-2-role": CSPRole.NETWORK_ADMIN.value,
"environment_roles-2-role": "BILLING_READ",
"environment_roles-2-environment_name": env_2.name,
"perms_env_mgmt": True,
"perms_team_mgmt": True,
@ -565,7 +565,7 @@ def test_update_member(client, user_session, session):
environment_roles = application.roles[0].environment_roles
# check that the user has roles in the correct envs
assert len(environment_roles) == 3
assert updated_role.role == CSPRole.TECHNICAL_READ.value
assert updated_role.role == CSPRole.CONTRIBUTOR
assert suspended_role.disabled
@ -695,7 +695,7 @@ def test_handle_create_member(monkeypatch, set_g, session):
"user_data-dod_id": user.dod_id,
"user_data-email": user.email,
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-role": "ADMIN",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,
@ -718,7 +718,7 @@ def test_handle_create_member(monkeypatch, set_g, session):
assert job_mock.called
def test_handle_update_member(set_g):
def test_handle_update_member_success(set_g):
user = UserFactory.create()
application = ApplicationFactory.create(
environments=[{"name": "Naboo"}, {"name": "Endor"}]
@ -732,7 +732,7 @@ def test_handle_update_member(set_g):
form_data = ImmutableMultiDict(
{
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-role": "ADMIN",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,
@ -772,7 +772,7 @@ def test_handle_update_member_with_error(set_g, monkeypatch, mock_logger):
form_data = ImmutableMultiDict(
{
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-role": "ADMIN",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,

View File

@ -213,7 +213,7 @@ def test_applications_access_environment_access(get_url_assert_status):
"environments": [
{
"name": "thebar",
"members": [{"user": dev, "role_name": "devops"}],
"members": [{"user": dev, "role_name": "ADMIN"}],
}
],
}

View File

@ -24,7 +24,7 @@ from tests.factories import (
PortfolioFactory,
ApplicationRoleFactory,
)
from atst.models import EnvironmentRole, ApplicationRoleStatus
from atst.models import CSPRole, EnvironmentRole, ApplicationRoleStatus
@pytest.fixture(autouse=True, scope="function")
@ -293,7 +293,7 @@ def test_do_provision_user(csp, session):
environment_role = EnvironmentRoleFactory.create(
environment=provisioned_environment,
status=EnvironmentRole.Status.PENDING,
role="my_role",
role="ADMIN",
)
# When I call the user provisoning task
@ -302,7 +302,7 @@ def test_do_provision_user(csp, session):
session.refresh(environment_role)
# I expect that the CSP create_or_update_user method will be called
csp.create_or_update_user.assert_called_once_with(
credentials, environment_role, "my_role"
credentials, environment_role, CSPRole.ADMIN
)
# I expect that the EnvironmentRole now has a csp_user_id
assert environment_role.csp_user_id